News
CTOs see human error, ransomware and phishing as biggest security threats, says new STX Next research
November 2021 by STX Next research
Despite this, only 26% of businesses have a dedicated cybersecurity team to mitigate threats, and only 50% outsource security requirements.
New research from STX Next, Europe’s largest software development company specialising in the Python programming language, has found that 59% of CTOs still see human error as the main security threat to their business, alongside other prominent concerns such as ransomware (49%) and phishing (36%).
Despite this recognition of risk, the findings suggest that more needs to be done to properly safeguard companies against dangers, with only a quarter (26%) having a dedicated cybersecurity team in place and only 50% outsourcing cyber responsibilities.
The findings were taken from STX Next’s 2021 Global CTO Survey, which surveyed 500 global CTOs about the biggest challenges facing their organisation. Other key findings from the research included:
Multifactor authentication (MFA) adoption is strong, with 88% of organisations employing it in some way
However, 47% have not implemented ransomware protection, despite its ever-increasing popularity among cybercriminals
58% are not using security information and event management (SIEM), and 41% have not employed privileged access management (PAM)
Conversely, 92% have implemented disaster recovery (DR) capabilities such as automated backups
Maciej Dziergwa, CEO at STX Next, said: “Our survey shows that, despite the inexorable rise of ransomware in the last couple of years, the biggest security concern in the minds of CTOs remains the potential impact of human error. This is understandable given that in order to be successful, many types of cyberattack rely on someone inadvertently clicking a link or downloading a file.
“Where things really get interesting, however, is when we see what businesses are doing to protect themselves against these threats. Companies that employ their own dedicated cyber team are still in the minority, and while outsourcing is preferred, this isn’t a common policy at the majority of organisations either.
“It’s a similar situation when looking at certain key protective tools that haven’t yet been implemented on a large scale, such as ransomware protection. The established presence of measures such as multi-factor authentication provide some cause for optimism though, so it will be interesting to see if the other security features follow a similar trajectory in the near future.”
Dziergwa believes that to further shore up security capabilities, businesses should look closely at how disaster recovery processes have been successfully implemented, and aim to replicate these approaches for cyber.
He added: “The strong presence of disaster recovery planning shows that organisations are doing well when it comes to the more all-encompassing, overarching responsibilities that ensure the business is resilient in the face of unexpected disruption. The next step is for leaders to apply this approach to the more granular elements of cybersecurity, including anti-ransomware tools.”
He concluded: “After all, security features are designed in many cases to reduce the potential for human error to cause major cyber incidents. By investing more heavily in these areas, CTOs will have less need to worry about any risky behaviour by their staff in future.”
